One big vulnerability to customer data which companies don’t always think about is employees use of their own devices for work.
Don’t get us wrong BYOD is great for productivity but not always great for security.
Now with the General Data Protection Regulation (GDPR) is in full force the security of business data and customer data is even more important.
Here are a few tips from BackUp Data on BYOD best practices to ensure your business data and your customer data stays secure and you don’t risk GDPR penalties and fines.
Keep a record of staff members who use their own devices for work purposes.
The reasons and usage of personal devices for work purposes may vary, so it may be worth categorising personal device usage by type and purpose. As in the example shown below:
Once the personal device usage record is complete it would be worth creating a mail list of BYOD users to send software update and security notifications to, as well as provide training to the identified BYOD users.
Provide useful staff training to BYOD users. Staff training shouldn’t be a security lecture, training can serve to benefit both the organisation in ensuring best practice security measures are implemented by staff and the staff member who can learn effective ways to secure their personal data on their devices as well as work data, and may also learn a few technology tricks about their devices which they may not be aware of!
– Two factor authentication set up
– Safe keeping of devices whilst on business travel
– Risks of using Public wi-fi for work related activities
– The benefits of installing the latest security updates
Ensure that there is a procedure put in place to ensure staff notify you of any changes to their personal device. Upgrades to devices are great at allowing staff access to the latest technology but new devices come with potential security flaws and updates are often frequently required on set up which are crucial to the security of the devices.
As an ongoing practice it would be worthwhile keeping track of device operating system updates and alerting staff accordingly that they should update their devices, offering assistance is needed.
Your HR department should keep a record on an employees file if they use a personal device for work purposes. Then in the event that a staff member gives notice to leave their position within the company, timely notice can be given to CRM and email service providers to remove the staff members login abilities and on departure admin rights for the staff member should be revoked across all social media channels, then passwords updated accordingly.
We hope you have found some of these tips useful in producing your own BYOD best practices. BackUp Data are always at your disposable to answer any security questions which you may have on BYOD best practices and staff training.
0 1223 240 088
contact us now